(aws-ecs): ECS clusters need to support enabling ENI trunking

[nathanpeck]

ENI trunking is an important feature that allows ECS to put a lot more containers per EC2 host when using AWS VPC networking mode. Without ENI trunking it is hard to use AWSVPC networking mode in an efficient manner. There is currently no way to enable ENI trunking using the ECS constructs.

We need a way to enable ENI trunking in the L2 construct, and have it set the appropriate account setting to enable ENI trunking in ECS. According to docs this is done using the put-account-setting-default API so there is a possibility that this will require a custom resource, as this API does not seem to be directly exposed in CloudFormation.

aws ecs put-account-setting-default \
      --name awsvpcTrunking \
      --value enabled \
      --region us-east-1

There is also some trickiness here because when using a custom resource to set ENI trunking it would need to be set prior to cluster creation and adding capacity to the cluster for it to take effect.

---

This is a :rocket: Feature Request

[jdix531]

This would be fantastic. It definitely feels redundant to need a second tool to deploy (sdk, cli, etc) using these features. Looking at the SDK it seems rather complicated to apply to individual instances. For now, I just enabled for the account, which seems like it should be harmless.

[dsharkou]

+1

[nathanpeck]

For reference if anyone else is looking at this issue, I have created a custom CloudFormation resource for turning on ENI Trunking. You can find the CloudFormation example here: https://containersonaws.com/pattern/cloudformation-turn-on-ecs-eni-trunking

This same approach could be implemented inside of CDK as well.

[github-actions[bot]]

This issue has received a significant amount of attention so we are automatically upgrading its priority. A member of the community will see the re-prioritization and provide an update on the issue.